docs(faq): Add caddy reverse proxy guide

fullmetalsheep · fullmetalsheep · commit 7a5529a7b60c · 2025-10-09T11:26:17.000+08:00
diff --git a/docs/FAQ.md b/docs/FAQ.md
@@ -241,7 +241,53 @@ hide:
             - traefik.http.services.foo.loadbalancer.serverstransport=ignorecert@file
             - traefik.http.services.foo.loadbalancer.server.scheme=https
         ```
+  
+    === "Caddy"
 
+        When reverse proxying an HTTPS backend that uses a self-signed certificate, Caddy will normally reject it because it cannot verify the certificate authority. 
+
+        To skip this verification we can modify site entry of the [caddyfile](https://caddyserver.com/docs/quick-starts/caddyfile) as shown below:
+
+        *Note: replace `calibre.xxx.com` with your domain and `172.xxx.xxx.xxx:8181` with your backend service IP and port.*
+
+        ```caddyfile
+        calibre.xxx.com {
+            reverse_proxy https://172.xxx.xxx.xxx:8181 {
+                transport http {
+                    tls
+                    tls_insecure_skip_verify
+                }
+            }
+        }
+        ```
+
+        **Bonus Tip 1**: If you find yourself needing to do this for multiple services, you can also define a [caddy snippet](https://caddyserver.com/docs/caddyfile/concepts#snippets) and reuse it in your caddyfile like so:
+
+        ```caddyfile
+        (allow_insecure_ssl) {
+            transport http {
+                tls
+                tls_insecure_skip_verify
+            }
+        }
+        calibre.xxx.com {
+            reverse_proxy https://172.xxx.xxx.xxx:8181 {
+                import allow_insecure_ssl
+            }
+        }
+        ```
+
+        **Bonus Tip 2**: If you use [caddy-docker-proxy](https://github.com/lucaslorentz/caddy-docker-proxy), you can simply apply the following labels to your docker-compose yaml file:
+
+        ```yaml
+        labels:
+            caddy: calibre.xxx.com
+            caddy.reverse_proxy: "{{upstreams https 8181}}"
+            caddy.reverse_proxy.transport: http
+            caddy.reverse_proxy.transport.tls:
+            caddy.reverse_proxy.transport.tls_insecure_skip_verify:
+        ```
+        
 ??? faq "Why does LinuxServer.io recommend to use docker-compose over Portainer?"
 
     ##### Why does LinuxServer.io recommend to use docker-compose over Portainer? { #portainer }
